Digital Asset Discovery and External Threat Detection

Questions & Answers

What is Outside the Firewall? Learn more about Outside the Firewall, why it matters to every company’s security program and the right questions to ask when securing your enterprise digital footprint Outside the Firewall.

What is Outside The Firewall? Or WTFOTF?

Outside the Firewall refers to a company’s or brand’s digital assets (web, mobile and social) that exist beyond the perimeter and safety of the firewall. Thanks to the increase in third party code and other web components, the rise of mobile apps and the increased adoption of social networks to communicate with customers, customers now interact with companies and brands and share their data beyond the traditional security control of the firewall.

Web Assets

Websites and web pages, including microsites and landing pages that are self-hosted and hosted by third parties.

Third party code, including various components and code libraries

Websites and web pages can be created by various departments or vendors without the security team’s knowledge

Mobile Assets

Third party apps — both official and unofficial apps.

Third party app store listings, which often require only developer submission

Unofficial apps can be created and submitted to app stores by independent developers

Social Assets

Social media profiles for brands and their spokespeople or executives

Profiles are hosted by social networks, outside your firewall

Social media profiles can be created by anyone, as long as the profile name or handle is available

Can my external threat management program keep up with the increase of digital assets outside the firewall?

What is an enterprise digital footprint? Find out what an enterprise digital footprint is, and how you can find out what yours looks like.

What Is An Enterprise Digital Footprint?

Simply put, an enterprise digital footprint is the discovery and inventory of all web, mobile and social assets associated with your organization, spokespeople and executives. As the digital assets that make up your footprint are external-facing customer and partner touchpoints, they use your brand to reinforce your brand’s promise and message. Threat actors are taking advantage of organizations’ brand equity to create unknown, malicious digital assets outside the firewall to attack organizations and their customers. With RiskIQ’s Enterprise Digital Footprint, you can discover the unknown and rogue assets within your digital footprint, bring them under policy and monitor these assets for changes.

Known Assets

Corporate website, known microsites and landing pages

Official mobile apps in authorized app stores

Social media profiles, managed by marketing, communications, support and other internal teams or official vendors.

Unknown Assets

Quick and dirty microsites created by a team or vendor, without the knowledge of IT

Branded mobile apps, which may have been made by a third party developer or scraped and used to build a third party app store listing

Unofficial social media profiles, created by fans, comedians for parody’s sake, or malicious actors.

Rogue And Malicious Assets

Abandoned cloud servers or domain names, which may be compromised by threat actors

Malvertising: malicious ads that can be hyper-targeted to their victims and set to deliver malware such as drive-by downloads and other executables.

Social media profiles created to use a brand’s trust and equity to further online scams

Questions To Ask Yourself

How confident am I that my security program has full visibility of my enterprise digital footprint?

How can I track changes in the assets within my enterprise digital footprint?

What’s the workflow for remediation if we discover an external threat in my enterprise digital footprint?

Who are virtual users and what do they do? Understand a core technology that differentiates RiskIQ from a threat data feed and how RiskIQ is able to capture the full extent of external threats, by evading bot blockers used by adversaries.

RiskIQ’s virtual users automatically discover and inventory websites, online ads and mobile apps that are legitimately or fraudulently linked to a company or any of its brands. By serving as potential targets for threat actors, these virtual users are able to evade anti-security measures to capture the full Document Object Model (DOM) data. With this data, RiskIQ’s threat researchers and customers can recreate the captured digital asset, including any threats, to better understand and ultimately defend against these threats.

Virtual Users

Web and mobile proxy network with more than 520 egress points, spanning 40+ countries

Browse the internet the way real users do

Evade anti-malware detection systems

Capture the full DOM

Questions To Ask Yourself

What proxy networks do I need?

Which countries and geographies do I want my virtual users to be from?

How can my researchers and security program use the DOM data?

What are points of egress? Points of egress are the network points where RiskIQ’s virtual users start browsing the web. Learn how the more than 520 points of egress enable RiskIQ to provide global coverage from its virtual users.

Points Of Egress

At its core, egress is the point at which network communications go out. With more than 520 points of egress, RiskIQ is able to ensure that its virtual users represent a broad cross section of internet users on both web and mobile platforms. The number of egress points also enables RiskIQ’s virtual users to evade detection by adversaries.

Cloud Scanning Engine And Custom Monitoring

RiskIQ offers customized data delivery to advanced security organizations. This data contains actionable insights and context, as the raw data collected by RiskIQ’s virtual users has been enriched with metadata. Advanced security organizations can consume this data through three analysis pipelines:

By storing raw and pipeline-tested, virtual user-collected data in a normalized format, integrated applications can quickly access the data. Product owners can focus on delivering on business requirements instead of finding resources to collect and structure data. With dozens of pre-built facets and search, pivoting around the data is easy.

Custom Data Services

Reputation Pipeline

Behavior Pipeline

Content Pipeline

Available via WebUI

Available via API as an XML / JSON feed

Available via data transfer to a new host system or shipped via hard drive

Licenses for the data are available as SaaS-hosted, managed or on-premise solutions

Questions To Ask Yourself

What kind of data do I need?

How can my app easily consume and use the data?

Are my organization’s security concerns about understanding which sources are associated with malicious activity, have exhibited malicious activity or have served malicious content?